Tuesday, October 16, 2012

Take Two Aspirin and Text Me in the Morning: Will healthcare technology implementations raise new privacy concerns?

Our blog has moved. You will find this blog post and fresh content on our new Talascend IT blog.
Is the healthcare industry ready for secure texting?

A new HIPAA compliant texting app is in beta testing at about 80 hospitals around the US right now. It is secure, traceable, encrypted and recorded. In other words, the HIPAA aspects are all covered so physicians who use texting as a means of communication are no longer breaking the rules. But what about human error?

I love technology. I've made information technology my career. Technology touches nearly every part of my life. And, as I've said before, I am a technical early adopter.  I’m in favor of technical progress, new innovations, and using technology in as many ways as is possible to improve my life and work. Despite popular belief, a lot of doctors,
clinicians, and nurses are too.

I’m also as addicted to texting as anyone out there (OK, middle school kids might have one up on me) and I use it as a primary method of communication.

For those of you who know the feeling, you also know the feeling of sending the wrong text to the wrong person occasionally. What's to prevent a doctor, nurse, or a medical assistant from sending your information to another person via text?

Medical records are not always pristine. I have a colleague whose medical records are actually mixed with another person of the same name, stating he has ailments and a prescription regimen he is not actually on, and who receives mail for Medicare insurance despite the fact that he is in his 40's. That's an entirely different matter for later discussion, but it does have relevance.

If it can happen in the back office of a healthcare organization, it can certainly happen via text.

I can understand the need for instantaneous communication within a healthcare organization and can understand the benefits. The worst case scenario is that a texting app along with human error sends my information to the wrong department or doctor within an HCO. My information is not publicly compromised.

My concern is that human error via texts intended for me could do just that.

I’m sure technology providers and HCO's will secure my data with unique ID's such as a SSN, patient number, or something similar, but that’s only as good as the human doing the texting. I am sure mistakes aren't commonplace but, through my experiences working with technology and in healthcare IT staffing, they do happen on nearly every level of every organization.

A famous quote from Alexander Pope states, 'To err is human; to forgive, divine.'

On the surface I love the idea of texts from my doctor. Who wouldn't want information or test results as soon as they come in? I love the idea until the doctor sends it to my wife, or child, or mother by accident because they have the same last name, or initials.

I don't know how many people would forgive a mistake such as leaking private medical information in today's litigious society.

Perhaps a safer method would be that the texting is not actually sent by a human at all. Rather; it’s an integration into the EMR product that then sends out the texts to the phone number on file.

Unfortunately, although more secure, this brings up two other problems:
  1. My phone number on record is wrong at two different doctor's offices I've visited in the in the last year alone due to moving; which means that whomever has my old number would receive my medical information. 

  2. I often give my phone to a friend or relative to play a game, look at pictures, or hop on the web.  A big text box popping up with an image of my MRI results isn’t exactly information I want shared.
We discuss data security and healthcare in these blogs frequently and, I’m sorry but, unless there is a way (and maybe there is) that text providers can ensure texts are going to the right person; 100% of the time, without fail; this seems like a disaster waiting to happen.

I think I may have an alternate solution to reduce the chances of human error.

The large EMR vendors could develop a healthcare app for smart phones that ties into your electronic medical record for which you would have a secure login with a password and username that can't be stored. You can see the information as it gets put into your electronic records. It would be as simple as checking on your bank account online. You could sign up for instant notifications that alert you a new message has arrived, instead of sending the confidential information.

Regardless of the technology, employees at every level of healthcare organizations are craving a solution. Beta testing is just that: testing. Just because it works does not make it as functional and secure as it can be. We would be wise to make sure we have this right before a widespread beta roll-out turns out to be very wrong as a result of our desire to have the products now.

Josh Kaplan writes on various subjects including information technology breakthroughs, healthcare IT recruitment and innovations, big data, IT staffing and recruitment, and technical industry news and trends.